{"id":"MGASA-2016-0304","summary":"Updated openvpn packages fix security vulnerability","details":"Ciphers with 64-bit block sizes used in CBC mode were found to be\nvulnerable to birthday attack when key renegotiation doesn't happen\nfrequently or at all in long running connections. Blowfish cipher as used\nin OpenVPN by default is vulnerable to this attack, that allows remote\nattacker to recover partial plaintext information (XOR of two plaintext\nblocks) (CVE-2016-6329).\n","modified":"2026-02-02T06:00:03.202724Z","published":"2016-09-16T09:27:13Z","related":["CVE-2016-6329"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0304.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19251"},{"type":"REPORT","url":"https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IIPSFOGSRZ5PCY7HRYCDJADE4DTIBMML/"}],"affected":[{"package":{"name":"openvpn","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openvpn?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.12-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0304.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}